Ubiquitous Wi-Fi is coming for tablets, but security issues must be addressed

April 26, 2012

Wi-Fi is not a new story, but it’s a newly invigorated one. There has been a noticeable increase over the last six months in the level of interest it generates. Whether it is mobile phone manufacturers, like Nokia, mobile network operators, like O2, or transport services, both underground and overground, partnering with communications companies, it seems like the promise and potential of free Wi-Fi may finally be realized.

Wi-Fi interest in raging around the globe

Each of the above examples is based in London, but the free-to-access public Wi-Fi trend is raging globally.

All of a sudden, unlicensed spectrum is looking attractive, while researchers like Informa recognize that indoor and outdoor Wi-Fi coverage, usage and offload are growing substantially. Indeed, Informa and the Wireless Broadband Alliance (WBA) have forecast that global public Wi-Fi hotspot numbers will grow from 1.3 million in 2011 to 5.8 million by 2015, representing an increase of 350%.

This Wi-Fi news will be greeted warmly by the nine out of 10 iPad owners who have opted for Wi-Fi-only versions of their device. The price difference between a Wi-Fi-only versus 3G tablet is considerable. On top of the device price, the requirement for data connection and monthly subscription has proved to be a deterrent.

These developments would most certainly have played some part in persuading mobile operator trade body, the GSM Association, to team up with the WBA with the aim of finding a way to simplify the process by which mobile devices connect to Wi-Fi networks. Convergence is coming, but we’re not quite there yet.

It looks like LTE could change all that; mobile VoIP clients will be comparable with carrier voice services and will be available beyond smartphones. This could see a migration in carrier service like voice and SMS from ‘phones’ to ‘tablets’ – and when we start seeing more tablets used for voice calls, we’ll start seeing those lines blur between mobile and the Internet.

Cellular and Wi-Fi operators need to come together

It takes two to tango, though. Both the Wi-Fi players and the cellular players need to come together, hence why it’s important that the GSMA and WBA team up. Most free-to-access public Wi-Fi hotspots require some form of registration or log-on before granting access, and while people are willing to spend a few moments entering details when stationed at a regular location (i.e. home or the office), they tend not to bother when the location is more temporary, such as at a coffee shop.

In addition to the inertia caused by this fiddle-factor, mobile users and providers of free public Wi-Fi are also concerned with security. Unfortunately, the open access that enables a person to find a hotspot quickly becomes the security hole through which hackers capture data as it flies through the air.

It seems obvious, but if carriers can find a way to simplify and quicken the process of secure log in to public Wi-Fi hotspots, then it is likely more people will offload onto Wi-Fi. Carriers can enable end -users to choose and prioritize traffic to be offloaded to Wi-Fi, according to whether they are offloading to a public or private hotspot. And by doing this, carriers and users can avoid the offload of particularly sensitive traffic to public hotspots, eliminating inconsistent performance but enabling the automatic offload of all traffic when users are logged on to a reliable private hotspot.

This sounds easy in principle, but how can this work in practice?

Authentication and encryption must be in-place for secure Wi-Fi

The first step is to help devices know what they are getting. An SSID of “coffee_shop” is quaint for local access, but in reality this coffee shop access point (AP) could become a proxy for service providers like iPass, Boingo, the Cloud or even AT&T.  Rather than broadcasting an open AP name, the device would query the AP to determine a whole range of information, including authentication and security mechanisms.

The second step is authentication.  Perhaps the coffee shop has agreed to proxy service for a range of providers. A device may have the username and password credentials pre-loaded to use Boingo’s service. Rather than being the endpoint, the AP takes the Boingo credentials from the device and then queries Boingo’s servers directly to enable (or reject) connectivity. For smartphones or other SIM-based devices, the process may rely on the SIM credentials, thus moving to a completely automated authentication process. 

The final stage is focusing on security.  A key security hole in today’s networks is that APs need to be open (unencrypted) for a device to begin to attach. It’s this ‘over the air’ interface which is most vulnerable. Next-generation APs will appear locked, but will have the ability for the device to query for specific information about the AP and begin the authentication process securely.

These capabilities are all inherent in the cellular network today. Applying the same principles to the world of public Wi-Fi will only serve to ease connectivity, increase security and begin transforming Wi-Fi into a credible sidekick to the outdoor macro network for the colliding worlds of the smartphone and tablet.


Load More